Here is some information that I've found/discovered from playing around with packets. The following is presented in an ad hoc tutorial style. Hopefully you find it interesting.
Something that I found useful was the ability to actually capture the raw UDP packet using tcpdump.
In the following example, we'll capture a DNS query packet and save it to a file.
Open up two terminal windows. In one window, type the following:
$ tcpdump udp -e -i eth0 -nn -vvv -c 1 -w dig.raw
The -c 1 option means that we only want to capture a single packet. The
-w dig.raw option means that we want to write the bytes of the packet we receive to dig.raw instead of printing a decode (the -e, -nn and -vvv flags only affect printed output, so they are harmless here). The file is in pcap format: a 24-byte file header, then a 16-byte record header, then the Ethernet frame itself, so the DNS message does not start at offset 0. Also note that the filter udp matches any UDP packet at all; on a busy interface the first one captured may be something other than your DNS query, so udp port 53 is a safer filter.
In the other window, type the following:
$ dig @220.127.116.11 www.uga.edu
In the first window, you should notice that
tcpdump captured a packet and quit. The contents of that packet are now in dig.raw.
Note: In the commands above, you may need to change
eth0 to whatever interface you're actually using (tcpdump -D lists the interfaces it can capture on). Capturing also requires root or the CAP_NET_RAW capability, so you may need to run tcpdump with sudo.
After looking around online and playing with the format strings myself, I came up with some pretty neat ways to display a file using the
hexdump utility. You can check out the commands in the other files in this gist. Also, they should work with any file (not just packet dumps).
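To make the capture and the hexdump steps above concrete without needing a network, here is an added example (my own code, not part of the original gist) that builds in memory exactly the kind of file tcpdump -w produces for a single DNS query, parses it back down to the UDP payload, decodes the question name, and renders the payload the way hexdump -C would. The source address, source port, MAC addresses, timestamp and transaction ID are constructed sample values; the resolver address is the one used in the dig command above.

```python
import socket
import struct

# Added example, not from the original gist. Everything below is built from
# constructed sample values; only the file layout (pcap/Ethernet/IPv4/UDP/DNS)
# is real.

PCAP_MAGIC = 0xA1B2C3D4        # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS question for an A record (no EDNS): header + QNAME + QTYPE/QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100 = RD
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_pcap(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Wrap a UDP payload in UDP/IPv4/Ethernet and a one-record pcap file."""
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload  # UDP cksum 0 = none
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    frame = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00" + ip + udp
    global_hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    record_hdr = struct.pack("<IIII", 1600000000, 0, len(frame), len(frame))  # constructed timestamp
    return global_hdr + record_hdr + frame


def parse_first_udp(pcap: bytes) -> dict:
    """Addressing and UDP payload of the first packet in a classic pcap file."""
    magic, = struct.unpack("<I", pcap[:4])
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype, = struct.unpack(endian + "I", pcap[20:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected Ethernet frames, got link type %d" % linktype)
    _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[24:40])
    frame = pcap[40:40 + incl_len]
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("first frame is not IPv4")
    ip_off = 14
    ihl = (frame[ip_off] & 0x0F) * 4    # IPv4 header length in bytes (options included)
    if frame[ip_off + 9] != 17:
        raise ValueError("first packet is not UDP")
    udp_off = ip_off + ihl
    sport, dport, ulen, _ = struct.unpack("!HHHH", frame[udp_off:udp_off + 8])
    return {
        "src": socket.inet_ntoa(frame[ip_off + 12:ip_off + 16]),
        "dst": socket.inet_ntoa(frame[ip_off + 16:ip_off + 20]),
        "sport": sport,
        "dport": dport,
        "payload": frame[udp_off + 8:udp_off + ulen],
        "payload_offset": 40 + udp_off + 8,   # where the DNS message sits in the file
    }


def dns_question(payload: bytes):
    """Decode the question section of a DNS message: (txid, name, qtype, qclass)."""
    txid, _flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, off = [], 12
    while payload[off] != 0:
        n = payload[off]
        if n & 0xC0:
            raise ValueError("compression pointer in a query name")
        labels.append(payload[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    qtype, qclass = struct.unpack("!HH", payload[off + 1:off + 5])
    return txid, ".".join(labels), qtype, qclass


def hexdump(data: bytes, base: int = 0) -> str:
    """Render bytes like `hexdump -C`, with offsets starting at `base`."""
    lines = []
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        hexpart = " ".join("%02x" % b for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("%08x  %-47s  |%s|" % (base + i, hexpart, asc))
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: a query for www.uga.edu to the resolver from the dig command above.
    pcap = build_pcap("192.0.2.10", "220.127.116.11", 40123, 53, build_dns_query("www.uga.edu"))
    pkt = parse_first_udp(pcap)
    print("%s:%d -> %s:%d" % (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
    print(dns_question(pkt["payload"]))
    print(hexdump(pkt["payload"], base=pkt["payload_offset"]))
```

For a real dig.raw, replace the constructed pcap with open("dig.raw", "rb").read(); the parser is the same. The payload_offset it reports (82 for a plain Ethernet/IPv4/UDP packet with no IP options) is the number to skip when you want a hexdump of only the DNS bytes.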